WAF changing public IP to local interface IP

Question

Hello, 
 We have setup WAF for our internal webserver hosting a site. We see that any public user IP accessing our site is being changed to the local interface ip going through the WAF. This changed local ip is seen in our webserver access logs. 
 There is no option to switch off NAT in WAF. Cyberoam has taken this as a bug, but is there a workaround to solve this issue. 
 
 Thanks 
 Pravash

ewadie · Accepted Answer

You find the client IP address in the X-Forwarded-For header of all requests that WAF sends to your web server.

PravashPanda · Answer

Thanks a lot ewadie!! We implemented the X-Forwarded-For header in our application and it was able to get the clientip. But somehow the X-Forwarded-For is not working in the apache webserver. Below are the options we tried and it didn't work in apache 
 
 First trial: 
 1. added "RemoteIPHeader X-Forwarded-For" to httpd.conf 
 2. added %a instead of %h "LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined" in the httpd.conf file 
 
 Second trial: 
 1. added %{X-Forwarded-For}i instead of %h "LogFormat "%%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined" in the httpd.conf file. 
 
 Thanks 
 Pravash